The security system is scheduled to 4.5 release and we are starting with it right after 4.4 final is out. Currently, 4.4 version is in beta stage and will be release in January, so I suppose that the early version (beta) of security might appear in late January/early February.

Dmitri, is it possible to get some brief information about the concept?..
I mean is will be possible to limit data selection by some criterias for certain users?
Is something like Action and Permissions will be?
and etc.

I think this information will be usefull for making a decision to develop something own or to wait for next release.

I'm sorry about the fact that the post writing was suspended. We've been extremely busy with delivering the fresh and hot 4.4 final. Hope, it will be released shortly and finally, I'll find the necessary time to continue with the task.

Let's try discussing the subject. Could you describe a scenario when user-based permissions are more preferable than role-based approach?

As for me, pure RBAC is almost ideal for usage in business process-oriented systems: roles have permissions on operations on subjects, a user can play several roles within an organization according to his current job position. While users can come and go, role hierarchy as well as the amount of duties for every job position stay more or less stable.

Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!